- From: Anil Saldhana <Anil.Saldhana@redhat.com>
- Date: Mon, 13 Aug 2007 11:23:16 -0500
- To: W3 Work Group <public-wsc-wg@w3.org>
A couple of years ago, I had the same issue with the Bank of America website. The main http page had a login form. Even though the form post would be https, I would click the padlock beside the form to get to a https page to login (more frequently, I just used my bookmark to get to the secure login page directly). Today, the BOA web site is on https from get go. Maritza Johnson wrote: > > On May 9, 2007, at 10:49 PM, Doyle, Bill wrote: > >> Citi bank has a padlock next to the "sign on" button on an HTTP page. >> Pressing the sign-on button the user is taken to an HTTPs page. Is this >> over use of padlock icon? >> > > yes. > > I would argue that it's an inappropriate use of a lock because users > would take the presence of _a_ lock as an indicator that the current > login box was secure, not as an indicator that they should click on > the lock to reach the secure page. > > > Apologies for the very delayed comment, this caught my eye when I was > rereading the 'What is a secure page' thread ... > Maritza > > > > -- Anil Saldhana Project/Technical Lead, JBoss Security & Identity Management JBoss, A division of Red Hat Inc. http://labs.jboss.com/portal/jbosssecurity/
Received on Monday, 13 August 2007 16:32:15 UTC